
<!DOCTYPE HTML>
<html lang="zh-hans" >
    <head>
        <meta charset="UTF-8">
        <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
        <title>4、安全考虑 · 《RFC6470 NETCONF 通知》学习笔记</title>
        <meta http-equiv="X-UA-Compatible" content="IE=edge" />
        <meta name="description" content="">
        <meta name="generator" content="GitBook 3.2.3">
        <meta name="author" content="HMW">
        
        
    
    <link rel="stylesheet" href="../gitbook/style.css">

    
            
                
                <link rel="stylesheet" href="../gitbook/gitbook-plugin-splitter/splitter.css">
                
            
                
                <link rel="stylesheet" href="../gitbook/gitbook-plugin-expandable-chapters-small/expandable-chapters-small.css">
                
            
                
                <link rel="stylesheet" href="../gitbook/gitbook-plugin-anchors/plugin.css">
                
            
                
                <link rel="stylesheet" href="../gitbook/gitbook-plugin-anchor-navigation-ex/style/plugin.css">
                
            
                
                <link rel="stylesheet" href="../gitbook/gitbook-plugin-highlight/website.css">
                
            
                
                <link rel="stylesheet" href="../gitbook/gitbook-plugin-search/search.css">
                
            
                
                <link rel="stylesheet" href="../gitbook/gitbook-plugin-fontsettings/website.css">
                
            
        

    

    
        
    
        
    
        
    
        
    
        
    
        
    

        
    
    
    <meta name="HandheldFriendly" content="true"/>
    <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
    <meta name="apple-mobile-web-app-capable" content="yes">
    <meta name="apple-mobile-web-app-status-bar-style" content="black">
    <link rel="apple-touch-icon-precomposed" sizes="152x152" href="../gitbook/images/apple-touch-icon-precomposed-152.png">
    <link rel="shortcut icon" href="../gitbook/images/favicon.ico" type="image/x-icon">

    
    
    <link rel="prev" href="../part3/ianaConsideration.html" />
    

    </head>
    <body>
        
<div class="book">

    <div class="book-body">
        
            <div class="body-inner">
                
                    

<div class="book-header" role="navigation">
    

    <!-- Title -->
    <h1>
        <i class="fa fa-circle-o-notch fa-spin"></i>
        <a href=".." >4、安全考虑</a>
    </h1>
</div>




                    <div class="page-wrapper" tabindex="-1" role="main">
                        <div class="page-inner">
                            
<div id="book-search-results">
    <div class="search-noresults">
    
                                <section class="normal markdown-section">
                                
                                <div id="anchor-navigation-ex-navbar"><i class="fa fa-navicon"></i><ul><li><span class="title-icon "></span><a href="#&#x5B89;&#x5168;&#x8003;&#x8651;"><b></b>&#x5B89;&#x5168;&#x8003;&#x8651;</a></li></ul></div><a href="#&#x5B89;&#x5168;&#x8003;&#x8651;" id="anchorNavigationExGoTop"><i class="fa fa-arrow-up"></i></a><h1 id="&#x5B89;&#x5168;&#x8003;&#x8651;"><a name="&#x5B89;&#x5168;&#x8003;&#x8651;" class="anchor-navigation-ex-anchor" href="#&#x5B89;&#x5168;&#x8003;&#x8651;"><i class="fa fa-link" aria-hidden="true"></i></a><a name="&#x5B89;&#x5168;&#x8003;&#x8651;" class="plugin-anchor" href="#&#x5B89;&#x5168;&#x8003;&#x8651;"><i class="fa fa-link" aria-hidden="true"></i></a>&#x5B89;&#x5168;&#x8003;&#x8651;</h1>
<p>本文定义的 YANG 模块设计为通过 NETCONF 协议访问。NETCONF 的安全传输层必须实现 SSH，即 SSH 是强制要求实现（mandatory-to-implement）的安全传输协议。</p>
<p>Some of the readable data nodes in this YANG module may be considered
sensitive or vulnerable in some network environments.  It is thus
important to control read access (e.g., via get, get-config, or
notification) to these data nodes.  These are the subtrees and data
nodes and their sensitivity/vulnerability:</p>
<p>/netconf-config-change:</p>
<pre><code>  Event type itself indicates that the system configuration has
  changed.  This event could alert an attacker that specific
  configuration data nodes have been altered.
</code></pre><p>   /netconf-config-change/changed-by:</p>
<pre><code>  Indicates whether the server or a specific user management session
  made the configuration change.  Identifies the user name,
  session-id, and source host address associated with the
  configuration change, if any.
</code></pre><p>   /netconf-config-change/datastore:</p>
<pre><code>  Indicates which datastore has been changed.  This data can be used
  to determine if the non-volatile startup configuration data has
  been changed.
</code></pre><p>   /netconf-config-change/edit:</p>
<pre><code>  Identifies the specific edit operations and specific datastore
  subtree(s) that have changed.  This data could be used to
  determine if specific server vulnerabilities may now be present.
</code></pre><p>/netconf-capability-change:</p>
<pre><code>  Event type itself indicates that the system capabilities have
  changed, and may now be vulnerable to unspecified attacks.  An
  attacker will likely need to understand the content represented by
  specific capability URI strings.  For example, knowing that a
  packet capture monitoring capability has been added to the system
  might help an attacker identify the device for possible
  unauthorized eavesdropping.
</code></pre><p>   /netconf-capability-change/changed-by:</p>
<pre><code>  Indicates whether the server or a specific user management session
  made the capability change.  Identifies the user name, session-id,
  and source host address associated with the capability change, if
  any.
</code></pre><p>   /netconf-capability-change/added-capability:</p>
<pre><code>  Indicates the specific capability URIs that have been added.  This
  data could be used to determine if specific server vulnerabilities
  may now be present.
</code></pre><p>   /netconf-capability-change/deleted-capability:</p>
<pre><code>  Indicates the specific capability URIs that have been deleted.
  This data could be used to determine if specific server
  vulnerabilities may now be present.
</code></pre><p>   /netconf-capability-change/modified-capability:</p>
<pre><code>  Indicates the specific capability URIs that have been modified.
  This data could be used to determine if specific server
  vulnerabilities may now be present.
</code></pre><p>/netconf-session-start:</p>
<pre><code>  Event type itself indicates that a NETCONF or other management
  session may start altering the device configuration and/or state.
  It may be possible for an attacker to alter the configuration by
  somehow taking advantage of another session concurrently editing
  an unlocked datastore.
</code></pre><p>   /netconf-session-start/username:</p>
<pre><code>  Indicates the user name associated with the session.
</code></pre><p>   /netconf-session-start/source-host:</p>
<pre><code>  Indicates the source host address associated with the session.
</code></pre><p>/netconf-session-end:</p>
<pre><code>  Event type itself indicates that a NETCONF or other management
  session may be finished altering the device configuration.  This
  event could alert an attacker that a datastore may have been
  altered.
</code></pre><p>   /netconf-session-end/username:</p>
<pre><code>  Indicates the user name associated with the session.
</code></pre><p>   /netconf-session-end/source-host:</p>
<pre><code>  Indicates the source host address associated with the session.
</code></pre><p>/netconf-confirmed-commit:</p>
<pre><code>  Event type itself indicates that the &lt;running&gt; datastore may have
  changed.  This event could alert an attacker that the device
  behavior has changed.
</code></pre><p>   /netconf-confirmed-commit/username:</p>
<pre><code>  Indicates the user name associated with the session.
</code></pre><p>   /netconf-confirmed-commit/source-host:</p>
<pre><code>  Indicates the source host address associated with the session.
</code></pre><p>   /netconf-confirmed-commit/confirm-event:</p>
<pre><code>  Indicates the specific confirmed-commit state change that
  occurred.  A value of &apos;complete&apos; probably indicates that the
  &lt;running&gt; datastore has changed.
</code></pre><p>   /netconf-confirmed-commit/timeout:</p>
<pre><code>  Indicates the number of seconds in the future when the &lt;running&gt;
  datastore may change, due to the server reverting to an older
  configuration.
</code></pre>
                                
                                </section>
                            
    </div>
</div>

                        </div>
                    </div>
                
            </div>

            
                
                
                
            
        
    </div>

</div>

        
        
    

    </body>
</html>

